Return the increment < window_size, not "True", for verify_token()
sfstpala committed Aug 25, 2015
1 parent d400aa3 commit d4c0c60
Showing 2 changed files with 20 additions and 11 deletions.
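--- a/pcr/hotp.py
+++ b/pcr/hotp.py
@@ -33,9 +33,13 @@ def get_token(secret, i=None):
 
 
 def verify_token(token, secret, i=None, window_size=256):
-for i in range(i, i + window_size if i is not None else 0):
+if i is None:
+return hmac.compare_digest(token, get_token(secret))
+n = 0
+for i in range(i, i + window_size):
+n += 1
 if hmac.compare_digest(token, get_token(secret, i)):
-return True
+return n
 return False
 
 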
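Review bot: verify_token() now has three result shapes with no docstring to say so: the counter branch gives an int from `return n`, an exhausted window gives `False`, and the new `if i is None:` branch gives a bool. Since `True == 1` and `False == 0` in Python, a caller that compares the result with `== 1` or adds it to a counter cannot tell the time-based `True` from a first-slot match. I would add a docstring saying that a counter-based match returns the 1-based number of counters consumed (1 through window_size inclusive) and that the caller has to store `i + n` as the next counter, because otherwise the accepted token stays inside the window and can be presented again. The default `window_size=256` is untouched context here, but it deserves a second look in the same docstring, as every extra counter in the look-ahead window is one more value a guessed token can match.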
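--- a/pcr/tests/test_hotp.py
+++ b/pcr/tests/test_hotp.py
@@ -14,6 +14,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import unittest
+import unittest.mock
 import base64
 
 from pcr.hotp import get_token, verify_token, new_secret
@@ -52,16 +53,20 @@ def test_get_token(self):
 self.assertEqual(get_token(self.secret, 8), self.tokens[8])
 self.assertEqual(get_token(self.secret, 9), self.tokens[9])
 
-def test_verify_token(self):
-self.assertTrue(verify_token(
-self.tokens[2], self.secret, 0, window_size=3))
-self.assertTrue(verify_token(
-self.tokens[2], self.secret, 1, window_size=3))
-self.assertTrue(verify_token(
-self.tokens[2], self.secret, 2, window_size=3))
+@unittest.mock.patch("time.time")
+def test_verify_token(self, time):
+self.assertEqual(verify_token(
+self.tokens[2], self.secret, 0, window_size=3), 3)
+self.assertEqual(verify_token(
+self.tokens[2], self.secret, 1, window_size=3), 2)
+self.assertEqual(verify_token(
+self.tokens[2], self.secret, 2, window_size=3), 1)
 # we're past the window size:
-self.assertFalse(verify_token(
-self.tokens[2], self.secret, 3, window_size=3))
+self.assertIs(verify_token(
+self.tokens[2], self.secret, 3, window_size=3), False)
+# time based tokens don't have a window size
+time.return_value = 2 * 30
+self.assertIs(verify_token(self.tokens[2], self.secret), True)
 
 def test_new_secret(self):
 # secrets should be unique and 20 characters long (base 32)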
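Review bot: The rewritten test_verify_token only presents tokens at or ahead of the stored counter, so no assertion pins that a token from an earlier counter is refused. A line such as `self.assertIs(verify_token(self.tokens[1], self.secret, 2, window_size=3), False)` would cover that replay case, and the time-based path, which is only asserted for a match, would benefit from a mismatching token asserted `False` under the same `time.return_value`. The mock argument named `time` also reads like the module inside the method; `mock_time` would be clearer. The test class and the rest of the file lie outside this hunk.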
